WO2005064842A1 - Flexible network security system and method for permitting trusted process - Google Patents

Flexible network security system and method for permitting trusted process Download PDF

Info

Publication number
WO2005064842A1
WO2005064842A1 PCT/KR2004/003456 KR2004003456W WO2005064842A1 WO 2005064842 A1 WO2005064842 A1 WO 2005064842A1 KR 2004003456 W KR2004003456 W KR 2004003456W WO 2005064842 A1 WO2005064842 A1 WO 2005064842A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
port
prcgram
step
information
registered
Prior art date
Application number
PCT/KR2004/003456
Other languages
French (fr)
Inventor
Dong-Hyuk Lee
Original Assignee
Inca Internet Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

Disclosed herein is a flexible network security system and method for permitting a trusted process. The system includes a port monitoring unit for extracting information about a server port being used through a network communication program, an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information, an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.

Description

Description FLEXIBLE NETWORK SECURITY SYSTEM AND METHOD FOR PERMITTING TRUSTED PROCESS Technical Field

[1] The present invention relates generally to a flexible network security system and method for permitting a trusted process and, more particularly, to a network security system and method, in which a port, which is used by a program for which commu- nicationis permitted, is automatically added to or removed from an internet connection firewall, thus allowing inexpert users to easily use the internet connection firewall having excellent functionality. Background Art

[2] A firewall is a security system that forms a protection border between a network and the outside thereof.

[3] FIG. 1 is a view showing an Internet Connection Firewall (ICF) for protecting a computer and a network, which has been basically provided by Microsoft Inc. since the XP version of Windows.

[4] The ICF is software used to set restrictions on information communicated between a network or small-scale network and the Internet, and protects an Internet connection of a single computer to the Internet.

[5] Meanwhile, a conventional ICF is a stateful firewall. The term stateful firewall refers to a firewall which monitors all the communication passing through a corresponding path, and inspects the original of each message to be processed, a target address and a port.

[6] The ICF permits outbound traffic but blocks inbound traffic, so that a network inside the ICF is not seen from the outside. For this reason, in a Personal Computer (PC) firewall, this function is referred to as a "stealth function."

[7] The operation of the ICF is described in brief below.

[8] The ICF keeps track of traffic originating from an ICF computer, and maintains a communication table, so that unwanted traffic does not enter through the personal connection. Further, all inbound traffic on the Internet is compared with the items in the table. Only in the case where it is proved that a matching item exists in the table and communication originated from the user's computer, inbound Internet traffic is connected to a network computer.

[9] In contrast, in the case where an Internetconnection is not permitted on the basis of a firewall permission list, the ICF di&n micns ihe connection. Accordingly, general hacking, such as port scanning, can be blocked by automatically canceling unwanted communication.

[10] For example, when an ICF computer is scanned using a Linux nmap scanning tool in order to check such a case, the ICF computer does not respond to any scan operation, so that Network Mapper (Nmap) determines that a target computer does not exist on a network for every scan, and outputs the message 'Host Seems Down." As described above, the ICF blocks general hacking, such as port scanning, is performed by automatically canceling unwanted communication.

[11] Meanwhile, when the ICF is installed in a web service providing computer, the ICF blocks inbound traffic, so that the Internetconnection is disconnected, and, therefore, normal web service cannot be offered. To solve this problem, the ICF permits inbound traffic to Port 80 used by service, thus being capable of allowing normal web service.

[12] As described above, the ICF allows normal service to be used by adding services and protocols, and the PC firewall also provides such functions.

[13] Meanwhile, the problem of the ICF is described below.

[14] Recent Internet software, such as a web server, a File Transfer Protocol (FTP) server, a telnet server, a peer-to-peer (P2P) program, a remote control program and a messenger program, operates as service providing servers. Furthermore, the amount of software operating as a server as described above is increasing remarkably, and such software trends toward being used by many general users.

[15] However, most users avoid using stealth function of the ICF or PC firewall because the above-described software operating as a server does not operate normally. In Windows XP shown in FIG. 2, the corresponding software can be normally used by adding a port, a protocol, and an Internet Protocol (IP) used by the software operating as a server uses. However, it is difficult for inexpert users to set them because the inexpert users have difficulty in finding a port operating as a server.

[16] Furthermore, since a port operating as a server may be changed when the version of the software is upgraded, normal service may be unexpectedly interrupted. For these reasons, there is a problem in that it is difficult for general users to use the stealth functions of the ICF and the PC firewall despite their desired characteristics. Disclosure of Invention Technical Problem

[17] Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, ami an υυjcct of the present invention is to provide a network security system and method, in which a port, which is used by a program for which communication is permitted, is automatically added to or removed from an internet connection firewall, thus allowing inexpert users to easily use a desired function of the internet connection firewall. Technical Solution

[18] In order to accomplish the above object, the present invention provides a network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, including a port monitoring unit for extracting information about a server port being used through a network communication program; an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information; an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.

[19] In addition, in order to accomplish the above object, the present invention provides a network security method of permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, including the first step of extracting information about a server port being used through a network communication program; the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage; the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in an internal permitted port storage; the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage; the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the iiicwαn αnu the sixth step of, if, as a result ofthe determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall. [20] Preferably, in the case of performing communication using Transmission Control Protocol (TCP), the first step is extracts a listen port through hooking when a socket performs Listen to operate as a server. [21] Preferably, in the case of communication using User Datagram Protocol (UDP), the first step extracts the server port by performing hooking in a user mode when a socketcalls a relevant function to receive a packet. Advantageous Effects [22] As described above, in accordance with the present invention, a port which is used by a program for which communication is permitted is automatically added to or removed from the ICF, so that inexpert users are capable of easily using the ICF having excellent functionality. Brief Description of the Drawings [23] The above and other objects, features and advantages of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which: [24] FIG. 1 is a view showing an ICF for protecting a computer and a network, which has basically been provided by Microsoft Inc. since the XP version of Windows; [25] FIG. 2 is a view showing an interface screen that allows a port, a protocol, and an IP, which are used by software that operates as a server uses in Windows XP, to be added [26] FIG. 3 is a block diagram showing the mode division of a Microsoft Windows operating system used in the present invention [27] FIG. 4 is a schematic flowchartshowing the operation of an ICF according to the present invention, which illustrates processes of installing a port monitoring unit and the ICF, and storing a permitted program list in an internal permitted program storage [28] FIG. 5 is a view showing an interface screen that is displayed to allow a communication permitted program list to be stored in an internal permitted program storage in a flexible ICF in accordance with an embodiment of the present invention; [29] FIG. 6 is a block diagram showing the operation of an entire firewall using a device for making an ICF flexible according to the present invention [30] FIG. 7 is a flowchart showing a process of storing and deleting a server port in and from the internal permitted port stoiαgc u± α ncxible ICF according to an embodiment of the present invention and

[31] FIG. 8 is a flowchart showing a packet processing flow performed in front of an ICF in accordance with an embodiment of the present invention. Best Mode for Carrying Out the Invention

[32] A flexible network security system and method for permitting a trusted process and method in accordance with an embodiment of the present invention is described in detail with reference to the accompanying drawings below.

[33] First, the related art corresponding to the background of the present invention is described in brief.

[34] FIG. 3 is a block diagram showing the mode division of a Microsoft Windows operating system used in the present invention.

[35] Referring to FIG. 3, Windows XP, which is provided by Microsoft Inc., provides a kernel mode and a user mode. In the kernel mode, an operating system kernel and various kinds of device drivers are driven, and in the user mode, applications are mainly driven. Programs which operate in the kernel mode existin the form of device drivers. A kernel mode network structure supported by the Microsoft Windows operating system includes afd.sys (AFD), that is, the kernel of a Windows socket, a Network Driver Interface Specification(NDIS), and a Transport Driver Interface (TDI).

[36] The afd.sys which exists at the uppermost layer in the kernel mode communicates with msafd.dll, that is, a Dynamic Link Library (DLL) which exists at the lowermost layer in the user mode Windows socket, and constitutes an interface with TDI existing at the lower layer thereof.

[37] The TDI defines a kernel mode interface which exists above a protocol stack. The NDIS provides a standard interfacefor Network Interface Card Device Drivers (MCDDs).

[38] A method of constructing a firewall in the user mode of the Microsoft Windows operating system is described below in brief.

[39] Hooking refers to a widely known programmingmethod that stores the address of a original function intended to be hooked, and replaces the address of the original function with the address of a function made by the user, thus allowing the original function to be executed afterward through the execution of the function made by the user.

[40] 1) Winsock Layered Service Provider (LSP)

[41] This method is a method provided by Microsoft Inc., which is based on a Service Provider Interface (SPI) that is a coiiijjuucin cλistingin Microsoft networking widely used in Quality Of Service (QCS), URL filtering, and the encryption of a data stream.

[42] 2) Windows 2000 Packet Filtering Interface

[43] Windows 2000 uses a method of installing a filter descriptor so that an application program in the user mode can perform permission and blocking on the basis of an IP address and port information.

[44] 3) Winsock Dll replacement

[45] This method is based on a method of filtering by replacing the Winsock DLL of Microsoft Windows with a DLL made by the user.

[46] 4) Global Function Hooking

[47] This method is based on a method of hooking the socket functions in Windows, such as Connect, Listen, Send, Recv, Sendto, and Recvfrom, or a DeviceIoControl() function that application in the user mode uses to communicate with a driver in the kernel mode.

[48] A method of constructing a firewall in the kernel mode of the Microsoft Windows operating system is described in brief below.

[49] 1 ) Kernel Mode Socket Filter

[50] This scheme is based on a method of hooking all the Inputs/Outputs (I/Os) in which msafd.dll, which is a DLL existing at the lowermost layer below a Windows socket in the user mode, communicates with afd.sys, which is a kernel mode Windows socket.

[51] 2) TDI filter driver

[52] This scheme is based on a method of utilizing a filter driver produced by applying an IoAttackDeviceO API to a device created by a tcpip.sys driver, such as \Device\RawIp, \Device\Udp, \Device\Tcp, \DeviceUp, \Device\MULTICAST. Alternatively, this method is based on a method of hooking all I/Os by replacing a dispatch table existing in the driver object of tcpip.sys.

[53] 3) NDIS InterMediate (IM) driver

[54] This scheme is a method, which is provided to users by Microsoft Inc., and allows a firewall and aNetwork Address Translation (NAT) to be developed throtgh insertion between a protocol driver, such as TCP/IP, and an MC driver.

[55] 4) NDIS hooking filter driver

[56] This scheme is a method of hooking the functions of a NDIS library, which is based on a method of hooking functions, such as NdisRegisterProtocol, NϋsDeregis- terProtocol, NϋsOpenAdapter, NdisCloseAdapter and NdisRegisterProtocol, or a method of hooking the I/Os of a Protocol driver and an MC driver in communication with the NDIS after finding an existing icgi&icied protocol driver link on the basis of a returned NϋsProtocolHandle, such as TCP/IP, using an NdisRegisterProtocol function that registers the Protocol driver thereof.

[57] The ICF according to the present invention may be implemented in the above- described kernel mode socket filter, TDI filter driver, NDIS IM driver and NDIS hooking filter, and is generally implemented in the NDIS IM driver or NDIS hooking filter driver.

[58] The ICF maintains the entire communication table of IPs and ports by keeping track of traffic originating from an ICF computer. All inbound traffic from the Internet is compared with items existing in this communication table. Only when it is proved that a matching item exists in the table and, therefore, communication originated from the user's computer, inbound Internet traffic is permitted; otherwise the traffic is blocked.

[59] Granting permission to the inbound traffic is performed by calling the address of a hooked original function. In contrast, blocking to the inbound traffic is performed by sending a false return indicating that the call to the original function succeeded or failed without calling the original function, or providing false information so that the original function is called but the performance of the function is not performed normally.

[60] A flexible network security system and method for permitting a trusted process according to the present invention is described based on the above-described basic description related to the firewall.

[61] FIG. 4 is a schematic flowchart showing the operation of an ICF according to the present invention, which illustrates processes of installing a port monitoring unit and the ICF, and storing a permitted program list in an internal permitted program storage.

[62] First, at step S410, a port monitoring unit and an ICF are installed.

[63] In the case of TCP, when a socket performs Listen to operate as a server, the port monitoring unit extracts a listen port throtgh Winsock hooking. Furthermore, when a corresponding operation is performed in msafd.dll, a corresponding operation in a kernel is performed in the AFP, that is, the socket part of the kernel, or TDI_EVENT_CONNECT is called throtgh TdiSetEvent() in the TDI, the port monitoring unit extracts the listen port.

[64] In the case of User Datagram Protocol (UDP), when a socket calls recvfrom to receive a packet, a server port for receiving the packet is extracted by Winsock hooking in the user mode. Furthermore, when a successive operation in the AFD exists in the kernel mode, or when TDI_EVENT_RECEINE_DATAGRAM is created through conesponding TdiSetEvent^, α »cι vci port for receiving a packet is extracted.

[65] The port monitoring unit is installed byWinsock hooking in the user mode, or by the kernel mode socket filter and the TDI filter driver in the kernel mode, and functions to extract server port information, protocol information (TCP, UDP, etc.), and OPEN/CLOSE information.

[66] Thereafter, the ICF is installed. Such an ICF may be implemented in a kernel mode socket filter, a TDI filter driver, an NDISIM driver, a Windows 2000 filter hook driver and an NDIS hooking filter driver, and is generallyinstalled through the NDIS IM driver or the NDIS hooking filter driver in the same manner as described above.

[67] Then, at step S420, a permitted program list is stored in an internal permitted prcgram storage. FIG. 5 is a view showing an interface screen that is displayed to allow a communication permitted prcgram list to be stored in an internal permitted prcgram storage in the flexible ICF in accordance with an embodiment of the present invention.

[68] As shown in FIG. 5, when a prcgram to be permitted by the ICF is selected, a prcgram name, the entire path of a prcgram, and, the Message Digest algorithm 5 (MD5) hash value of a conesponding prcgram file for checking, and the integrity of the prcgram are obtained. The prcgram name, the entire path of a prcgram, and the prcgram MD5 hash value obtained as described above are stored in the internal permitted prcgram storage.

[69] The internal permitted prcgram storage storesdata in the form of the following Table 1, and in the form of a file or a database including information about the prcgram name, the entire path of a prcgram, and the prcgram MD5 hash value.

[70] Table 1

Figure imgf000009_0001

[71] FIG. 6 is a block diagram showing the operation of an entire firewall using a device for making an ICF flexible device ac uiumg ιυ the present invention, which is described in detail below.

[72] When an Internet use prcgram 610 opens a server port to operate as a server, a device for making an ICF flexible 620 determines whether a prcgram, which opened the conesponding server port, has been registered in an internal permitted prcgram storage 650.

[73] When the conesponding prcgram has been registered, the device for making an ICF flexible 620 registers the opened server port in an internal permitted port storage 660.

[74] Meanwhile, when inbound traffic is transmitted from the outside, the inbound traffic reaches an ICF 630 after passing throtgh a network card 640. The device for making an ICF flexible 620 determines whether a destination port has been registered in the internal permitted port storage 660 by examining the packets of the inbound traffic.

[75] If, as a result of the determination, the conesponding port has not been registered, a packet is transmitted to the ICF 630 and the packet is blocked. However, if the corresponding port has been registered, a packet is not permitted to pass throtgh the ICF 630, and a hooked original function is called to bypass the packet to the device for making an ICF flexible 620 registers.

[76] The following Table 2 is an example showing ports registered in the internal permitted port storage.

[77] Table 2

Figure imgf000010_0001

[78] As shown in Table 2, the internal permitted port storage includes information about the entire path of a prcgram, the protocol and the port, and may exist in the forms of an anay orconnection list in memory, oi m mc lυim of a file or a database.

[79] FIG. 7 is a flowchart showing a process of storing and deleting a server port in and from the internal permitted port storage of a flexible ICF according to an embodiment of the present invention, which is described in detail below.

[80] First, at step S701, information about a server port, OPEN/CLOSE information, and information about protocol are extracted from the port monitoring unit, and then, at step S703, the port monitoring unit determines whether a cunent prcgram, which opened the server port, has been registered in the internal permitted prcgram storage.

[81] Meanwhile, a method of obtaining information about a cunent process that is using a network is performed in such a way that the portmonitoring unit extracts the ID information of the cunent process using a PsGetCunentProcessId() function, and acquires the entire path of the cunent prcgram through the process ID. The MD5 hash value of the conesponding prcgram is extracted through the entire path of the prcgram obtained as describedabove, and it is determined whether the cunent prcgram exists in the internal permitted prcgram storage using the MD5 hash value and the entire path of the prcgram.

[82] If, as a result of the determination at step S7Q3, the cunent prcgram has not been registered, the process ends. In contrast, if the cunent prcgram has been registered, at step 705, it is determined whether the server port is opened or closed using the extracted OPEN/CLOSE information.

[83] If, as a result of the determination at step S705, the server port has been opened, the information about the entire path of the prcgram, the protocol and the server port is registered at step S709, and the process ends.

[84] In contrast, if, as a result of the determination at step S705, the server port has not been opened, the items of the permitted port storage matched with the information about the entire path of the prcgram, the protocol and the server port are searched for and then deleted at steps S706 and S707, and the process ends.

[85] FIG. 8 is a flowchart showing a packet processing flow performed in front of an ICF in accordance with an embodiment of the present invention, which is described in detail below.

[86] First, at step S801, a packet is extracted from inbound traffic beforebeing processed by the ICF and, then, at step S8Q3, information about a conesponding destination (local) port and a protocol is extracted from the extracted packet.

[87] Thereafter, at step S805, it is determined whether information abouta conesponding destination (local) port and a protocol has been registered in the internal permitted port storage.

[88] If, as a result of the determination at step S805, the information has not been registered, the conesponding packet is transmitted to the ICF at step S807. In contrast, if the information has been registered, the destination port must be a permitted port, so that the inbound traffic is allowed to bypass the ICF by calling a hooked original function. Mode for the Invention

[89] Althotgh the prefened embodiments of the present invention have been disclosed for illustrative purposes, it will be apparent to those skilled in the art that various modifications, additions and substitutions thereof are possible, without departing from the spirit of the invention. Accordingly, the scope of the invention will be limited only by the accompanying claims, in which it will be appreciated that the examples of the modifications, additions and substitutionsare all included. Industrial Applicability

[90] As described above, in accordance with the present invention, a port which is used by a prcgram for which communicationis permitted is automatically added to or removed from the ICF, so that inexpert users are capable of easily using the ICF having excellent functionality.

Claims

Claims
[1] A network security system for permitting a trusted process using a firewall, the firewall protecting a conesponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising: a port monitoring unit for extracting information about a server port being used through a network communication prcgram; an internal permitted prcgram storage for extracting information about a prcgram for which communication is permitted by the firewall, and registering the extracted information; an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the prcgram registered in the internal permitted prcgram storage, registering the extracted information about the server port; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the conesponding packet to bypass the firewall.
[2] The network security system as set forth in claim 1, wherein the information about the prcgram, which is extracted and registered in the internal permitted prcgram storage, includes information about a prcgram name, an entire path of the prcgram, and a prcgram Message Digest 5 (MD5) hash value.
[3] The network security system as set forth in claim 1, whereinthe information about the server port, which is extracted and registered in the internal permitted port storage, includes information about an entire path of the prcgram, a protocol, and a port.
[4] A network security method of permitting a trusted process using a firewall, the firewall protecting a conesponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising: the first step of extracting information about a server port being used throtgh a network communication prcgram; the second step of extracting information about a prcgram for which com- munication is permitted by the mcwαn, and registering the extracted information in an internal permitted prcgram storage; the third step of, if information about the server port being used is extracted using the prcgram registered in the internal permitted prcgram storage at the first step, registering the information about the extracted server port in internal permitted port storage; the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage; the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall and the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the conesponding packet to bypass the firewall.
[5] The network security method as set forth in claim 4, wherein, in the case of performing communication using Transmission Control Protocol (TCP), the first step extracts a listen port throtgh hooking when a socket performs Listen to operate as a server.
[6] The network security method as set forth in claim 4, wherein, in the case of communication using User Datagram Protocol (UDP), the first step extracts the server port by performing hooking in a user mode when a socket calls a relevant function to receive a packet.
[7] The network security method as set forth in claim 4, wherein, the sixth step allows the conesponding packet to bypass the firewall by calling a hooked original function.
[8] The network security method as set forth in claim 4, wherein the information about the prcgram, which is extracted and registered at the second step, includes information about a prcgram name, an entire path of the prcgram, and a prcgram Message Digest 5 (MD5) hash value.
[9] The network security method as set forth in claim 4, wherein the information of the server port, which is extracted and registered at the third step, includes information about an entire path of the prcgram, a protocol, and a port.
[10] A computer-readable recording medium for performing a network security method using a firewall, the medium storing a prcgram for executing the method, the method comprising: the first step of extracting infoiiuαin u αυout a server port being used throtgh a network communication prcgram; the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted prcgram storage; the third step of, if information about the server port being used is extracted using the prcgram registered in the internal permitted prcgram storage at the first step, registering the information about the extracted server port in an internal permitted port storage; the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage; the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall and the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the conesponding packet to bypass the firewall.
PCT/KR2004/003456 2003-12-31 2004-12-27 Flexible network security system and method for permitting trusted process WO2005064842A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR20030101775A KR100522138B1 (en) 2003-12-31 2003-12-31 Flexible network security system and method to permit trustful process
KR10-2003-0101775 2003-12-31

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10582127 US8544078B2 (en) 2003-12-31 2004-12-27 Flexible network security system and method for permitting trusted process
JP2006546833A JP4290198B2 (en) 2003-12-31 2004-12-27 The method of flexible network security system and network security to allow reliable process
US13924504 US20130283366A1 (en) 2003-12-31 2013-06-21 Flexible network security system and method for permitting trusted process

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13924504 Continuation US20130283366A1 (en) 2003-12-31 2013-06-21 Flexible network security system and method for permitting trusted process

Publications (1)

Publication Number Publication Date
WO2005064842A1 true true WO2005064842A1 (en) 2005-07-14

Family

ID=34737959

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2004/003456 WO2005064842A1 (en) 2003-12-31 2004-12-27 Flexible network security system and method for permitting trusted process

Country Status (4)

Country Link
US (2) US8544078B2 (en)
JP (1) JP4290198B2 (en)
KR (1) KR100522138B1 (en)
WO (1) WO2005064842A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007065807A (en) * 2005-08-30 2007-03-15 Yokogawa Electric Corp Access controller and access control method
US7631349B2 (en) * 2001-01-11 2009-12-08 Digi International Inc. Method and apparatus for firewall traversal
US7664699B1 (en) * 2005-12-21 2010-02-16 Symantec Corporation Automatic generation of temporary credit card information
US8170020B2 (en) * 2005-12-08 2012-05-01 Microsoft Corporation Leveraging active firewalls for network intrusion detection and retardation of attack

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7536542B2 (en) * 2005-01-19 2009-05-19 Microsoft Corporation Method and system for intercepting, analyzing, and modifying interactions between a transport client and a transport provider
US7966643B2 (en) * 2005-01-19 2011-06-21 Microsoft Corporation Method and system for securing a remote file system
US8135741B2 (en) 2005-09-20 2012-03-13 Microsoft Corporation Modifying service provider context information to facilitate locating interceptor context information
US8997076B1 (en) * 2007-11-27 2015-03-31 Google Inc. Auto-updating an application without requiring repeated user authorization
US20090172187A1 (en) * 2007-12-31 2009-07-02 Eetay Natan Techniques to enable firewall bypass for open mobile alliance device management server-initiated notifications in wireless networks
JP5503276B2 (en) * 2009-11-18 2014-05-28 キヤノン株式会社 An information processing apparatus and its security setting method
JP5601840B2 (en) * 2010-01-08 2014-10-08 株式会社日立ソリューションズ Information leakage prevention device to the network
US9009779B2 (en) * 2010-11-12 2015-04-14 Content Watch, Inc. Methods related to network access redirection and control and devices and systems utilizing such methods
JP5757160B2 (en) * 2011-05-31 2015-07-29 横河電機株式会社 Control bus system
JP5701715B2 (en) * 2011-08-12 2015-04-15 株式会社東芝 Energy management apparatus, the power management system and program
US9380081B1 (en) * 2013-05-17 2016-06-28 Ca, Inc. Bidirectional network data replications
US20150172153A1 (en) * 2013-12-15 2015-06-18 Vmware, Inc. Network introspection in an operating system
KR101841080B1 (en) 2017-11-13 2018-05-04 한국과학기술정보연구원 Method and system for data packet bypass transmission

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020001190A (en) * 2000-06-27 2002-01-09 서평원 Apparatus for extended firewall protecting internal resources in network system
KR20020086434A (en) * 2002-10-24 2002-11-18 (주)센타비전 Network-based Intrusion Control System
JP2004054488A (en) * 2002-07-18 2004-02-19 Yokogawa Electric Corp Firewall device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182146B1 (en) * 1997-06-27 2001-01-30 Compuware Corporation Automatic identification of application protocols through dynamic mapping of application-port associations
US6182228B1 (en) * 1998-08-17 2001-01-30 International Business Machines Corporation System and method for very fast IP packet filtering
US6728885B1 (en) * 1998-10-09 2004-04-27 Networks Associates Technology, Inc. System and method for network access control using adaptive proxies
KR20010090014A (en) 2000-05-09 2001-10-18 김대연 system for protecting against network intrusion
US20030115327A1 (en) * 2001-03-16 2003-06-19 Takeshi Kokado Method and apparatus for setting up a firewall
US20030149887A1 (en) * 2002-02-01 2003-08-07 Satyendra Yadav Application-specific network intrusion detection
US7146638B2 (en) * 2002-06-27 2006-12-05 International Business Machines Corporation Firewall protocol providing additional information

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020001190A (en) * 2000-06-27 2002-01-09 서평원 Apparatus for extended firewall protecting internal resources in network system
JP2004054488A (en) * 2002-07-18 2004-02-19 Yokogawa Electric Corp Firewall device
KR20020086434A (en) * 2002-10-24 2002-11-18 (주)센타비전 Network-based Intrusion Control System

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7631349B2 (en) * 2001-01-11 2009-12-08 Digi International Inc. Method and apparatus for firewall traversal
US7827601B2 (en) 2001-01-11 2010-11-02 Digi International Inc. Method and apparatus for firewall traversal
JP2007065807A (en) * 2005-08-30 2007-03-15 Yokogawa Electric Corp Access controller and access control method
US8170020B2 (en) * 2005-12-08 2012-05-01 Microsoft Corporation Leveraging active firewalls for network intrusion detection and retardation of attack
US7664699B1 (en) * 2005-12-21 2010-02-16 Symantec Corporation Automatic generation of temporary credit card information

Also Published As

Publication number Publication date Type
US20130283366A1 (en) 2013-10-24 application
KR20050083204A (en) 2005-08-26 application
US20070226788A1 (en) 2007-09-27 application
JP4290198B2 (en) 2009-07-01 grant
KR100522138B1 (en) 2005-10-18 grant
US8544078B2 (en) 2013-09-24 grant
JP2007517305A (en) 2007-06-28 application

Similar Documents

Publication Publication Date Title
US7441265B2 (en) Method and system for session based authorization and access control for networked application objects
US20030097590A1 (en) Personal firewall with location dependent functionality
US7007302B1 (en) Efficient management and blocking of malicious code and hacking attempts in a network environment
US20130097692A1 (en) System and method for host-initiated firewall discovery in a network environment
US20070101405A1 (en) System and method for secure network connectivity
US7606902B2 (en) Method and systems for routing packets from an endpoint to a gateway
US6321336B1 (en) System and method for redirecting network traffic to provide secure communication
EP1547337B1 (en) Watermarking at the packet level
US7146421B2 (en) Handling state information in a network element cluster
US20060212549A1 (en) IP address assigning method, VLAN changing device, VLAN changing system and quarantine process system
US20060288418A1 (en) Computer-implemented method with real-time response mechanism for detecting viruses in data transfer on a stream basis
US20030088792A1 (en) System and method for providing exploit protection with message tracking
US20060080444A1 (en) System and method for controlling access to a network resource
US7962957B2 (en) Method and apparatus for detecting port scans with fake source address
US20030145228A1 (en) System and method of providing virus protection at a gateway
US20020032854A1 (en) Distributed denial of service attack defense method and device
US20070245137A1 (en) HTTP cookie protection by a network security device
US20070156900A1 (en) Evaluating a questionable network communication
US20050050365A1 (en) Network unauthorized access preventing system and network unauthorized access preventing apparatus
US20020152399A1 (en) System and method for providing exploit protection for networks
US20080134332A1 (en) Method and apparatus for reduced redundant security screening
US6496935B1 (en) System, device and method for rapid packet filtering and processing
US20050091514A1 (en) Communication device, program, and storage medium
US6832321B1 (en) Public network access server having a user-configurable firewall
US20090126003A1 (en) System And Method For Providing Network And Computer Firewall Protection With Dynamic Address Isolation To A Device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10582127

Country of ref document: US

Ref document number: 2007226788

Country of ref document: US

ENP Entry into the national phase in:

Ref document number: 2007226788

Country of ref document: US

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2006546833

Country of ref document: JP

NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct app. not ent. europ. phase
WWP Wipo information: published in national office

Ref document number: 10582127

Country of ref document: US